This presentation is for the Online Community Research Network and was modified from the presentation that I gave at Community 2.0.
It gives a clear outline of how OpenID, OAuth and Information Cards work, who is involved in moving them forward and what online communities can do to implement them.
Online Identity for Community Managers: OpenID, OAuth, Information Cards
1. Online Identity:
OpenID, OAuth, Information Cards
OCRN Aug 2009
Kaliya Hamlin, Identity Woman
@identitywoman
identitywoman.net
skype:identitywoman
AIM/e-mail:kaliya@mac.com
co-founder, co-producer and the facilitator of the
INTERNET IDENTITY WORKSHOP
www.internetidentityworkshop.com
Wednesday, August 19, 2009
2. I am a community builder.
This is the technical community around user-centric digital identity that I have helped
build. We have met since 2005 every 6 months at the Internet Identity Workshop.
3. In mid 2004 Julia Butterfly Hill
launched this website to encourage
people to be active and linked to
40+ organizations. These sites had
about 50 login opportunities - each
one of them required a new/different
user name and password.
How were all these groups going to work together - to form a strong
community - if the citizens they were asking to participate were
required to create several dozen accounts just to join the related
efforts and collaborate across them?
The answer is: with difficulty.
Just having links to good things is not enough to support a networked
movement. Activism as Patriotism only lasted until early 2007.
4. My sketches from 2003 for distributed social network
platform with user-centric identity.
How could the people that I knew shared interests and passion in
community (both face to face and online) be able to work together
across boundaries and domains on the web?
In 2003 I began to sketch out designs for online “social network
tools” (that term was not yet in widespread use) for face to face communities to
connect online. I knew user-centric identity technologies were essential
but others didn't see it yet.
5. To cross boundaries and domains on the web, people,
citizens, consumers needed the power to manage their
own identity information.
By identity information I specifically mean the identifiers
and handles that they use across time and in cyber
space - controlling the ways in which they are “seen” in
different contexts.
To do this we need open technical standards to make
identifiers portable across contexts and we need
interfaces to make this easy.
6. The good news is that the identity community has
come a long way in developing identity management
tools. Three are discussed in this slideshare.
7. The first two technologies I will be covering are OpenID
and OAuth - the key protocols in the so-called “open stack”
9. OpenID creates an integrated and holistic “online life” (identity)
replacing the fragmentation that is created by maintaining 100-300
different accounts for different online services and the necessity to
create a new one at every website that requires a login.
Can you imagine how much easier and more pleasant community
life would be if we could reduce the number of identifiers and
handles to a manageable number – say under ten?
10. Different personas for one user that could
each have a different OpenID URL.
11. The user goes to a website
12. Traditionally the user is
presented with the
opportunity to log in with a
user name and password
13. user name/password
is replaced with
OpenID login box
The user enters a URL they control
- like their blog URL or from a provider.
* Newer user interfaces allow the user to pick
an OpenID provider they might have, like
Google, Yahoo, Myspace, Facebook, AOL etc...
14. The website the
user is logging into
redirects the user to
where their URL
15. The user
is asked to
authenticate
16. The user responds
with a password
(or other additional
methods of authentication
like a token)
17. Authentication is successful!
The site with the user’s URL
redirects the user back to the
website they are logging into.
The user is logged in.
18. Who’s In?
Corporate Members:
• Facebook - Luke Shepard
• Google - Eric Sachs
• IBM - Nataraj (Raj) Nagaratnam
• Microsoft - Michael B. Jones
• PayPal - Andrew Nash
• VeriSign - Gary Krall
• Yahoo! - Raj Mata
Community Members:
• Brian Kissel (JanRain)
• Chris Messina (independent)
• David Recordon (Six Apart)
• Joseph Smarr (Plaxo)
• Nat Sakimura (Nomura Research Institute)
• Scott Kveton
• Snorri Giorgetti (OpenID Europe)
• Allen Tom (Yahoo)
19. What you can do:
* Accept OpenIDs
* Issue OpenIDs (to employees)
* Issue OpenIDs to your user base
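The login steps on slides 11 to 17, as an added Python example that is not part of the original slides. It is a simplified model, not the OpenID wire protocol, and it goes one step beyond the slides by showing the checks a site that accepts OpenIDs makes on the statement that comes back (signature, return address, one-time nonce). The class names, URLs, password and shared key are constructed for the illustration.

```python
import hashlib, hmac, secrets

def sign(key, claimed_id, return_to, nonce):
    # Keyed hash over the fields the website will rely on.
    msg = "\n".join([claimed_id, return_to, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Provider:
    """Constructed stand-in for the site that hosts the user's URL; demo data only."""
    def __init__(self, key):
        self._key = key
        self._passwords = {"https://alice.example/": "correct horse"}

    def authenticate(self, claimed_id, password, return_to, nonce):
        # Slides 15-16: the password is checked here and nowhere else.
        stored = self._passwords.get(claimed_id, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        # Slide 17: the user is sent back carrying a signed statement.
        return {"claimed_id": claimed_id, "return_to": return_to, "nonce": nonce,
                "sig": sign(self._key, claimed_id, return_to, nonce)}

class Website:
    """The community site the user is logging into."""
    RETURN_TO = "https://community.example/openid/return"  # hypothetical URL
    def __init__(self, key):
        self._key = key
        self._outstanding = set()  # nonces of logins in progress

    def begin_login(self):
        # Slide 14: remember a fresh nonce, then redirect the user to the provider.
        nonce = secrets.token_urlsafe(16)
        self._outstanding.add(nonce)
        return self.RETURN_TO, nonce

    def finish_login(self, a):
        expected = sign(self._key, a["claimed_id"], a["return_to"], a["nonce"])
        if not hmac.compare_digest(expected, a["sig"]):
            return None  # altered or not issued by the provider
        if a["return_to"] != self.RETURN_TO or a["nonce"] not in self._outstanding:
            return None  # meant for another site, or already used
        self._outstanding.discard(a["nonce"])
        return a["claimed_id"]  # the URL is the account identifier; no password seen

def login_demo():
    key = secrets.token_bytes(32)  # assumption: a secret the two sites agreed on
    site, provider = Website(key), Provider(key)
    return_to, nonce = site.begin_login()
    return site, provider.authenticate("https://alice.example/", "correct horse", return_to, nonce)
```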
20. Single Sign On isn't enough though.
You also have to empower people to be able to
share their own data.
oauth.net
21. The user belongs to two different sites.
22. How can the user move photos from photo site to the
social network site without giving away the password
for the photo site to the social network site?
23. The user is asked if they want to share - then
redirected to the site to give their permission
24. The photo site gives the social network site a token
that gives it access to their account.
25. A data tunnel is created between the user’s
accounts on both sites
26. A user posts photos and they can flow from
one to the other - and they didn’t give away their password.
28. What you can do:
END THE
PASSWORD
ANTI-PATTERN
STOP Asking users for their password to gain
access to another site on their behalf
Implement OAuth on your site
Ask your partners to implement it.
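The photo-sharing flow on slides 21 to 26, as an added Python example that is not part of the original slides. It is a simplified in-memory model rather than the OAuth wire protocol (request signing is left out), and the class, method names, user and photo data are constructed for the illustration.

```python
import hmac, secrets

class PhotoSite:
    """Constructed in-memory stand-in for the photo site; demo data only."""
    def __init__(self):
        self._passwords = {"alice": "correct horse"}
        self._photos = {"alice": ["beach.jpg", "party.jpg"]}
        self._pending = {}  # request token -> approving user (None until approved)
        self._grants = {}   # access token -> user whose photos it may read

    def start_request(self):
        # The social network asks for a request token before redirecting the user.
        token = secrets.token_urlsafe(16)
        self._pending[token] = None
        return token

    def user_approves(self, request_token, user, password):
        # Slide 23: the user approves on the photo site, so the password stays here.
        stored = self._passwords.get(user, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("authentication failed")
        if request_token not in self._pending:
            raise PermissionError("unknown request token")
        self._pending[request_token] = user

    def exchange(self, request_token):
        # Slide 24: the approved request token is swapped, once, for an access token.
        user = self._pending.pop(request_token, None)
        if user is None:
            raise PermissionError("request token not approved")
        access = secrets.token_urlsafe(16)
        self._grants[access] = user
        return access

    def list_photos(self, access_token):
        # Slides 25-26: the token only opens photo reads, nothing else on the account.
        if access_token not in self._grants:
            raise PermissionError("invalid or revoked token")
        return list(self._photos[self._grants[access_token]])

    def revoke(self, access_token):
        # The user can cut off one partner site without changing their password.
        self._grants.pop(access_token, None)

def share_photos(photo_site):
    request_token = photo_site.start_request()
    photo_site.user_approves(request_token, "alice", "correct horse")  # user's step
    access = photo_site.exchange(request_token)
    return access, photo_site.list_photos(access)
```

The social network side in `share_photos` only ever holds tokens, and `revoke` ends its access while the user's password stays unchanged.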
37. What you can do:
*Issue information cards to members of your
site/organization
*Accept information cards from netizens to
collect information you think is important
*Use it to get third party validation about key
things important to you - so you don't have
to do identity proofing.
38. Kaliya Hamlin
Identity Woman
@identitywoman
identitywoman.net
skype:identitywoman
AIM/e-mail:kaliya@mac.com
co-founder, co-producer and the facilitator of the
INTERNET IDENTITY WORKSHOP
www.internetidentityworkshop.com